Bachelor- and Master Seminar CISPA Staff

Registration for this course is open until Monday, 01.08.2022 23:59.

News

18.11.2021

Next Seminar on 24.11.2021

Dear All,

Welcome to the new seminar page!

The next seminar(s) take place on 24.11. at 14:00. Due to time constraints I couldn't make all RA4 and 5 talks go in a separate session, so please choose the session you are most interested in.


Session A: (RA4,5)
Lisa Hoffmann - Dañiel Gerhardt - Gunnar Heide

https://cispa-de.zoom.us/j/96786205841?pwd=M3FOQ3dSczRabDNLb3F1czVXVUpvdz09

Meeting-ID: 967 8620 5841
Passcode: BT!u5=


Session B: (RA 4,5)
Dominik Kempter - Abhilash Gupta - Marc Schuegraf

https://cispa-de.zoom.us/j/99025989421?pwd=cWJIM29LYktsbStxTXlKUStZRi9MUT09

Meeting-ID: 990 2598 9421
Passcode: 3mZyE$


Session A:

14:00-14:30 

Speaker: Lisa Hoffmann
Type of talk: Bachelor Intro
Advisor: Dr. Katharina Krombholz, Carolyn Guthoff (Assistant)
Title: Development and Evaluation of a Dark Pattern Reporting Tool
Research: RA5 (Empirical and Behavioural Security)

Abstract:
There are a lot of papers published that deal with the topic of cookie banners and the problems and violations of the GDPR that occur with them.
Most papers give a limited and only temporary insight on this problem since data is collected only during a specific time period and on specific websites.
As mentioned by Fassl et al. [1], the topic is widely researched, but we are still in need of a solution that helps to solve the issue on a large scale in terms of data collection,
which is not restricted to a time frame or number of websites.
For that purpose, I aim to design a Chrome extension that collects violations of the GDPR in a publicly available list, which is updated with the help of end-users of browsers.

[1] Matthias Fassl, Lea Gröber, Katharina Krombholz. 2021. Stop the Consent Theater.

 

14:30-15:00

Speaker: Dañiel Gerhardt
Type of talk: Bachelor Intro
Advisor: Katharina Krombholz
Title: Mental models of EU Digital COVID Certificate Validation
Research Area: RA5

Abstract: The pandemic caused by COVID-19 has required us to quickly come up with solutions for this new and sudden problem of a rapidly spreading disease around the world. After a relatively short time vaccinations were made available but since it cannot be assumed that everyone has received a vaccine a convenient and accessible method for proving someone’s vaccination status was needed. In the European Union the EU Digital COVID Certificate was introduced in July 2021 to tackle this problem by allowing citizens to carry a digital certificate proving their vaccination status or that they recovered from the disease. This certificate, usually stored and presented as a QR code, can then quickly and easily be validated by staff at public places that require that visitors are either vaccinated or recovered from the disease to be allowed to enter. Recent anecdotal evidence has shown that this validation is often not done correctly and the person responsible for validating the authenticity of a given vaccination certificate often simply looks at a holder’s QR code stored in an app like CovPass or the Corona-Warn-App instead of scanning the QR code with an app like the CovPassCheck-App and cross-checking the identity of the certificate holder with the identity of the person presenting it using a government-issued ID. This incorrect validation might make the digital certificate less secure than a traditional paper vaccine passport as presenting any QR code may arguably be easier than forging a paper vaccine passport. It can also lead to unvaccinated people entering restricted areas where everyone present is under the assumption that everyone else around them is vaccinated or recovered and carries a valid vaccination certificate. 
The reason why it is so commonplace to incorrectly validate the EU Digital COVID Certificate is unknown so in this study, I will explore the mental models of professional users in regards to the validation process of the EU Digital COVID Certificate to find out.

 

 

15:00-15:30

Speaker: Gunnar Heide
Advisor: Lucjan Hanzlik
Title: no info
Research Area: 4

 

Session B:

14:00-14:30

Speaker: Dominik Kempter
Type of talk: Bachelor Final
Advisor: Dr. Giancarlo Pellegrino
Title: LighDTA - Lightweight Dynamic Taint Flow Analysis for State-Changing Operations
Research Area: RA5: Empirical and Behavioural Security

Abstract:
Many web applications trust data located in persistent storage. The disregard of proper sanitization leads to a variety of second-order vulnerabilities like Stored-XSS.
Dynamic Taint Analysis is one solution to this problem. Pre-defined data sources are tainting input, while security-critical functions can check for taints. The problem with this approach is propagating taints through persistent storage like databases. State-of-the-art propositions are highly dependent on the underlying persistent storage. This requires developers to restructure the database and applications to handle taints.
This bachelor thesis intends to explore the effectiveness of a lightweight approach to connect database input sinks to output sinks. This allows dynamic taint analysis to be performed independent of the underlying database and requires no restructuring of the web application.
We implemented a prototype that matches a database interface's read and write functions based on generated function traces. Those matches allow tracking the data flow within an application through persistent storage. We tested the prototype on six applications and found that our lightweight approach is capable of performing dynamic taint analysis without keeping track of taint markings and runtime checks on taints with proper parsing and data extraction.

 

14:30-15:00

Speaker: Abhilash Gupta
Type of talk: Masters thesis final presentation
Advisor: Dr. Rahul Gopinath
Supervisor: Prof. Dr. Andreas Zeller
Title: Grammar Fuzzing Command-line utilities in Linux
Research Area: RA4

Abstract:
Command-line (CLI) utilities are popular programs invoked on the command-line interface. Their execution is determined by the configuration options and arguments passed in their invocation. The options activate various code segments and the arguments are their input. It is imperative to utilise both options and arguments while fuzzing to search for failures.

However, options have always been excluded from previous fuzzing CLI utilities experiments. In this thesis, we describe a method to integrate both options and arguments into the fuzzing process via the use of context-free grammars (CFG). Our approach takes a utility and automatically constructs a human-readable CFG capturing the entire syntax of its invocation. Once extracted, the grammar can be saved and reused again for that utility.

This thesis employs this approach to fuzz test 44 CLI utilities in Linux. It evaluates the number of failures found in those utilities. Furthermore, it also evaluates the code coverage achieved by this approach. The results demonstrate that this approach discovers more failures in CLI utilities than the best reported literature. Furthermore, this approach is observed to generally achieve better code coverage than a state-of-the-art feedback driven fuzzer.

 
15:00-15:30

Speaker: Mark Schuegraf
Type of talk: Master Final
Advisor: Prof. Dr. Andreas Zeller
Title: Fuzzing With Grammar Variants
Research Area: RA4

Abstract:
Fuzzing is the execution of a system under test with unexpected inputs. In generating these inputs, fuzzers may rely on a grammar to model the input language. However, such grammar-based fuzzers are only as good as the grammar they use.

We therefore investigated whether structural changes to grammars affect the performance of grammar-based fuzzers: First, we derived variants of existing grammars using transformations that preserve the modeled input language. Second, we empirically evaluated these grammar variants on real test subjects. In most tested configurations, we saw changes in the fuzzing performance of a fuzzer when using a particular grammar variant.

04.11.2021

Next Seminar on 10.11.2021

Dear All,

The order of talks has changed!

The next seminar(s) take place on 10.11. at 14:00.


Session A: (RA4)
Konstantin Holz - Tristan Hornetz - Joshua Renckens

https://cispa-de.zoom.us/j/96786205841?pwd=M3FOQ3dSczRabDNLb3F1czVXVUpvdz09

Meeting-ID: 967 8620 5841
Passcode: BT!u5=


Session B:  no talk this week


Session A:

14:00-14:30 

Speaker: Konstantin Holz
Type of Talk: Bachelor Final
Advisor: Dr. Nils Ole Tippenhauer
Title: Security Assessment of IPv6 Implementations of Home Routers
Research Area: Secure mobile and autonomous systems

Abstract: The successor of IPv4, IPv6, is slowly reaching into the commercial area and into households to replace IPv4. ISPs are beginning to provide native IPv6 for end users to utilize for their internet connection.
In this thesis, we examine the IPv6 implementation in commercially available routers, for differences in features and security mechanisms. In particular, we want to find out to which degree various manufacturers implemented IPv6 and which security guarantees it provides in contrast to its IPv4 implementation. For this, we run various tests on chosen devices for packet routing as well as look into features provided to the user and also look into the provided source code.

 

14:30-15:00

Speaker: Tristan Hornetz
Type of talk: Bachelor Final
Supervisor: Prof. Dr. Andreas Zeller
Title: Evaluating the Effectiveness of Automated Fault Localization in Python
Research Area: RA4

Abstract:

Automated fault localization describes a group of techniques that can aid a
programmer in locating the cause of bugs during software development. There
exists an abundance of past research on the topic, with countless approaches
being proposed and evaluated. Among the most popular techniques are
Statistical Debugging (SD) and Spectrum Based Fault Localization (SBFL), which
utilize dynamically recorded execution data to produce rankings of suspicious
program elements.
However, there is very little research about the applicability and general
usefulness of automated fault localization in the Python programming language.
This is surprising, given Python's high popularity and powerful introspection
capabilities. In this thesis, I present a configurable hybrid model of SBFL
and SD, and evaluate its performance on 300 bugs in real-world Python programs
from the BugsInPy database. The results demonstrate that configurations
resembling SBFL are generally superior to SD-like configurations. Moreover, I
demonstrate that a combination of SBFL and SD can yield better results than
both techniques individually.

15:00-15:30

Speaker: Joshua Renckens
Type of talk: Bachelor Final
Advisors: Dr. Rafael Dutra, Nikolas Havrikov
Supervisor: Prof. Dr. Andreas Zeller
Title: 0KFuzzer: Applying Systematic Exploration to FormatFuzzer
Research Area: RA4

Abstract:
Fuzzing is a technique used to test the robustness of programs by automatically generating inputs and feeding them into programs under test. However, using only randomly generated inputs is not a good way to achieve great code coverage. Most will immediately fail at the beginning of the program execution due to not matching the structure that is expected of the input.
Ways to mitigate this are grammar-based fuzzers. They take grammars that specify languages first and then base the input generation on the specified language. This makes sure that a certain input structure is maintained, reaching parts of the test programs random fuzzing wouldn’t be able to reach. However, there is no guarantee that the entirety of a grammar can be covered reliably even when using grammar-based fuzzers.
The k-path algorithm improves on these grammar-based fuzzers by taking care of the aforementioned issue. The goal of the k-path algorithm is to make sure that all of the grammar is systematically covered. It does so by building a list of k-paths from the grammar and generating inputs that cover these k-paths. Covering all of the k-paths should result in covering all of the productions of the grammar under test and by extension all of its terminals and non-terminals as well.
FormatFuzzer has an idea similar to grammar-based fuzzers but it takes binary templates, a format specification used by the 010 Editor, that specify file formats as inputs instead of grammars. It compiles them into C++ code that then acts as a generator of inputs according to the format specification described in said templates. However, a similar problem to the grammar-based fuzzers can be found here as well: there is no guarantee that the entirety of the specification can be reliably covered, and that’s where implementing the k-path algorithm into FormatFuzzer comes into play.
This thesis aims to improve on the FormatFuzzer by combining it with the k-path algorithm, taking the systematic coverage of grammars and using it on format specifications, with the goal being to systematically cover as much of the specification as possible. This combination of FormatFuzzer and the k-path algorithm, which we named the 0KFuzzer, will then be evaluated against the default FormatFuzzer to compare template coverage and code coverage.

 

21.10.2021

Next Seminar on 27.10.2021

Dear All,

The next seminar(s) take place on 27.10. at 14:00.


Session A: (RA3,4)
Christoph Steuer - Jonathan Busch - Jonas Büchner

https://cispa-de.zoom.us/j/96786205841?pwd=M3FOQ3dSczRabDNLb3F1czVXVUpvdz09

Meeting-ID: 967 8620 5841
Passcode: BT!u5=


Session B:

no talk this week


Session A:

14:00-14:30 

Speaker: Christoph Steuer
Type of talk: Bachelor Intro
Advisor: Sven Bugiel
Title: Seamless installation of Trustlets with third-party application in Android
Research Area: RA4

Abstract:
In the modern world, the need for trusted computing is increasing. Whether it be cryptography, access control or credential validation, being able to trust a piece of software to do what it is supposed to do and not leak sensitive information is a very important step towards a more secure world.
From the hardware side, there are several platforms to support trusted computing, with technologies such as Intel Software Guard Extensions (Intel-SGX), Arm TrustZone or AMD Secure Encrypted Virtualization (SEV). However, this support has to be utilized by software to become useful to the end user.
In Android, there is support for the Trusted Execution Environment OP-TEE, however the range of operations of trusted computing is severely limited due to the infeasibility for applications to ship custom Trusted Applications as there is no support during the app installation process to handle them. In case of OP-TEE, users attempting to install trusted applications first need to have access to a root shell. However, unlike on other commonly used Linux distributions, obtaining root privileges on Android is a complex and made difficult operation that, if attempted by inexperienced people, has a non-negligible chance to fail and potentially make the installed operating system inoperable. The only trusted computing that applications installed without root have access to comes in the form of features of Android such as key store that function as Application Programming Interface (API) to pre-defined trusted applications.
The goal of the thesis is to extend the Android app installation process to allow for installation of Trusted Applications for OP-TEE without compromising currently available security guarantees.

 

14:30-15:00

Speaker: Jonathan Busch
Type of talk: Bachelor Intro
Advisor: Dr. Michael Schwarz
Title: Power-ups for Chromium: Facilitate Side-Channel Research
Research Area: RA3

Abstract: In recent years, side-channel based attacks have gained more and more importance. Instead of exploiting bugs, these novel attacks use side effects caused by software or hardware to infer secret information.
Low-level programming languages such as C or C++ are predominantly used to develop side-channel exploits, since they allow for controlling and measuring the microarchitectural state.
However, access to these low-level functions is not available for every programming language. For instance, JavaScript lacks some crucial functions used in side-channel attacks. Instead, one must use highly laborious workarounds to realize the same attacks. This makes testing whether a newly found side-channel attack works in JavaScript a time-consuming task.
In this work, we add low-level functions to Chromium’s JavaScript engine in order to facilitate this process. This allows researchers to build proof-of-concept scripts to check whether a new side-channel attack is feasible in JavaScript, to avoid developing expensive workarounds in vain. Additionally, we provide proofs of concept of well-known side-channel-based attacks such as Flush+Reload and Spectre utilizing our extended version of Chromium.

 

 

15:00-15:30

Speaker: Jonas Büchner
Type of talk: Bachelor Final
Advisor: Dr. Michael Schwarz
Title: (M)WAIT for It: Secret MONITORing using CPU Features
Research Area: RA3

Abstract: There is a plethora of attacks on the microarchitecture of current CPUs, of which side channels are among the most important. They not only leak cryptographic keys, but are used as a building block of the powerful Meltdown and Spectre attacks. Prominent examples of side channels, like Flush+Reload or Prime+Probe, exploit the timing differences between cache hits and cache misses. While these are well-demonstrated and strong attack primitives, they are inherently limited. By relying on the execution and timing of their own cache operations, they are susceptible to noise and, even more importantly, suffer from a "blind window": if a victim access occurs during the reloading phase, they cannot observe it.
We overcome this with the MONITOR/MWAIT instructions that are contained in the SSE3 extensions of all modern x86 CPUs. This pair of instructions is meant for power management and thread optimization. Its primary use is to wait for a change on a monitored address range and continue execution once a write, or other triggering events, occur. While this aims at lock acquisition and synchronization, it seems to be meant to be exploited. We construct a side-channel from the native behaviour of this instruction pair by using it on victim addresses.
This thesis presents a new deterministic side-channel primitive that does not rely on caches. It is more robust than common cache side channels and allows for monitoring victim memory without ever missing an access. We demonstrate its usability in proof-of-concept controlled-channel attacks against Intel's Software Guard Extensions, achieving an attack accuracy of 100%. We furthermore construct a double-fetch detection mechanism which reliably detects double-fetches above a threshold of a few thousand cycles. Finally, we evaluate the use of our primitive as a covert channel, indicating resistance of most systems against this attack.

 

07.10.2021

Next Seminar on 13.10.2021

Dear All,

Welcome to the new seminar page!

The next seminar(s) take place on 13.10. at 14:00. Since there are RA4 talks in both sessions, if you are from RA4, you can choose which session you want to join this week :)


Session A: (RA4)
Vera Resch - Jonas Cirotzki - John Schmitt

https://cispa-de.zoom.us/j/96786205841?pwd=M3FOQ3dSczRabDNLb3F1czVXVUpvdz09

Meeting-ID: 967 8620 5841
Passcode: BT!u5=


Session B: (RA 1,3,4)
Markus Bever - Anirudh Upadhya - Lorenz Hetterich

https://cispa-de.zoom.us/j/99025989421?pwd=cWJIM29LYktsbStxTXlKUStZRi9MUT09

Meeting-ID: 990 2598 9421
Passcode: 3mZyE$


Session A:

14:00-14:30 


Speaker: Vera Resch
Type of talk: Master Final Talk
Supervisor: Prof. Zeller
Advisors: Rahul Gopinath, Nikolas Havrikov
Title: Grammar-based URL Fuzzing: Field Study Exploring the WHATWG URL Standard
Research Area: 4

Abstract: Uniform Resource Locators (URLs) make it possible to quickly and precisely navigate today's web. Similar to the specifications of other web standards, such as HTML, the WHATWG maintains the URL specification as a living standard. However, because different applications use URLs for a multitude of purposes, there exists a variety of implementations of URL parsers, most of which claim to follow the URL standard.
This thesis uses grammar-based fuzzing together with a grammar of the current URL standard to examine how close the relationship between URL parsers and the standard is. In detail, this consists of testing the URL parsers included in the browsers Firefox and Chromium, as well as a selection of stand-alone URL parsers with inputs generated by executing a grammar-based fuzzer with a URL grammar based on the current standard and a URL grammar based on the RFC standard.
Finally, this thesis evaluates the number of errors encountered during test execution as well as the code coverages achieved in the selected URL parsers.
Results include that higher code coverages are reachable with inputs generated according to the current specification in comparison to inputs generated according to the RFC specification in ten out of eleven tested URL parsers. Furthermore, eight out of eleven tested URL parsers reject inputs based on the current specification less often than those based on the RFC specification.

 

14:30-15:00

Speaker: Jonas Cirotzki
Advisor: Sven Bugiel
Research Area: RA4

Abstract: missing info

 

 

15:00-15:30

Speaker: John Schmitt
Type of talk: Bachelor Final
Advisor: Dr. Sven Bugiel
Title: Implementing Certificate Transparency Inside Android Open Source Project
Research Area: 4

Abstract: Today the internet usage is as high as ever and gets more diverse every day. Therefore the security of the web is very important. One major point in security is the identity verification of web servers. To verify the identity of a web server, a web client has to rely on the validity of the provided certificate. As a result, web clients blindly trust in the integrity of the certificate authority to properly issue certificates. But what happens if a certificate authority is compromised, goes rogue, or issues flawed certificates?
In case of such a certificate misissuance, certificate transparency helps by providing a secure append-only log that documents every certificate issuance and thus enables accountability for certificate authorities.
Mobile devices are a major source of network traffic to web servers. Additionally, Android currently holds the biggest market share of mobile operating systems but does not present any solution to a certificate transparency implementation. With our work, we provide a proof of concept for an implementation of certificate transparency in the Android Open Source Project and make use of its benefits to protect Android users from certificate misissuance and thus Man-in-the-Middle attacks. Our evaluation has shown that common apps are not negatively influenced by the prototypical implementation which, in our opinion, makes certificate transparency a very useful Android extension.

 

Session B:

14:00-14:30

Speaker: Markus Bever
Type of talk: Bachelor Final
Advisor: Antoine Joux, Anand Kunar Naranayan
Title: On parallelization for public key cryptanalysis
Research Area: RA1: Trustworthy Information Processing

Abstract:
Verifiable delay functions are exciting and new primitives in cryptography, especially in the field of blockchains. The goal of this thesis is to study different approaches to undermine the security of verifiable delay functions. For this we will try different setups where the attackers control parts of a network and try to attack the verifiable delay function in parallel. The current implementations of verifiable delay functions are typically built based on number theoretical assumptions. There is a group underlying the security of verifiable delay functions. We will focus on the example of an RSA group. Other candidates for the group include the ideal class group of quadratic imaginary extensions. Verifiable delay functions are easily broken if the group order is known; in our case this can be achieved by factoring. The fastest algorithm for factoring is the number field sieve, which is part of the index calculus family and uses a lot of linear algebra. All these candidates for breaking verifiable delay functions by finding the group order involve index calculus methods. Here, the bottleneck is the linear algebra step. Also, we will discuss Lenstra’s elliptic curve method for factoring. Our primary motivation was to speed this up using parallelization. In this direction we investigated a new approach from Fouque and Kirchner to calculate the group order in a black-box ring. This is an extension of Maurer's algorithm investigating the congruence between discrete logarithms and the Diffie-Hellman cryptosystem.

 

14:30-15:00

Speaker: Anirudh Upadhya
Type of talk: Master Intro
Advisor: Dr. Nils Ole Tippenhauer
Title: Safety and Security Critical Function Identification and Monitoring for Motor Controllers
Research Area: RA4

Abstract: Electric scooters are becoming very popular recently and have been widely used. Most of these e-scooters and hoverboards are of cheap quality and have buggy software without standardization. The firmware of these scooters can be hacked to tweak scooter parameters. If the attacker has near access to the device, he can maliciously tamper with the sensor readings, which can lead to wrong calculation of torque vectors and then to an unintended acceleration or deceleration. The attacker can also increase the performance of the hoverboard with respect to its maximum speed etc. or add additional functionalities to it.
In this thesis, we want to identify critical functions based on various currently available e-scooter architectures and find the impact on the e-scooter and thus the rider. We also want to implement runtime monitoring of these types of motor controllers. A monitoring software layer is used to check for errors in software or any unintended behavior from the user and curb them while bringing the system back to a safe state or fail-safe as defined in the architecture. Based on the critical functionalities, the monitoring code is added. This code can utilize the existing TEE (Trusted Execution Environment) or run on a different core which has a checker core feature (for example: Infineon AURIX 32-bit TriCore).

 

 
15:00-15:30

Speaker: Lorenz Hetterich
Type of talk: Bachelor Final
Advisor: Dr. Michael Schwarz
Title: Exploiting Spectre on iOS

Abstract:
Most CPUs don't stall execution when they encounter control flow instructions, but use predictors to make educated guesses on the destination (e.g. whether a branch is taken or not).
This allows them to speculatively continue execution resulting in a major time save upon correct predictions.
On incorrect predictions, speculatively executed instructions are not retired, the pipeline is flushed, and execution continues at the correct destination.
Whilst speculatively executed instructions are not visible on an architectural level, they may leave microarchitectural traces that can be observed using a side channel.
Spectre abuses this by mistraining predictors and observing microarchitectural state changes caused by speculative execution.
Even though research on Spectre has been done on most major platforms, Apple devices have hardly received any attention.
In my thesis, I evaluated the primitives required for cache side-channels on three Apple devices: an iPhone 7, an iPhone 8 Plus, and an M1 Mac Mini, and successfully developed a simple Spectre proof of concept.
This talk will give an overview of the building blocks required for a simple Spectre attack and what difficulties we faced on Apple devices compared to other platforms.

 

Bachelor- and Master-Seminar

The bachelor/master seminar is a stage for all talks related to bachelor or master theses at CISPA.

The seminar is currently held bi-weekly on Wednesdays in odd-numbered calendar weeks. It takes place throughout the year, regardless of the lecture periods. You can join at any time. There are two parallel Zoom sessions from 14:00 to 15:30 with up to three talks each. The upcoming talks will be announced in the News section above.

Requirements for the course certificate

To pass the seminar, you have to

  • give an introductory talk where you present your thesis proposal

Furthermore, it is expected that you attend all talks of your own research area and participate in discussion during the time of your thesis work. You get a certificate and a grade for this course from your advisor. The advisor can contact us (bamaseminar@cispa.saarland) to check whether you meet all the passing conditions and to get a template for the certificate.

Further, you are required to hold a final talk about the results as a part of your thesis. While this talk is technically not part of the seminar but of the thesis work, you can still present it in the context of the seminar.

Attending a seminar session

Simply join one of the two parallel Zoom sessions. Choose the session with the talks you are most interested in. We welcome active participation and encourage you to ask questions and give helpful comments in the discussion after each talk.

During the seminar, we will share a link to an attendance sheet. Make sure to add your name to this document. We use these documents to track who attended which sessions.

Giving a talk in the seminar

Each talking slot is 30 minutes long. Your presentation should last about 20 minutes, so we have about 10 minutes left for discussion.

If you want to give a talk, you can book a time slot in one of the sessions. Use one of the following links for booking:

Please coordinate time and date with your advisor so that no two students of the same advisor present at the same time.

If you don't need a specific time slot, you can try to book 14:30, as some students either need the 14:00 or 15:00 slot. In rare cases, we will have to move the talks in a day, so please indicate which times you would be available. The final schedule will be announced in the News section a few days before the sessions take place.

To list your talk in the announcement, you will have to hand in some information about it, namely:

  • Speaker: Your name.
  • Type of talk: Bachelor Intro, Bachelor Final, Master Intro, or Master Final.
  • Advisor: The name of your advisor. If multiple advisors wish to attend the session, please list all of them so we can make sure that there are no collisions.
  • Title: Title of your talk.
  • Research Area: The number of your area. (If in doubt, check https://cispa.de/de/research or ask your advisor.) The areas are the following:
    • RA1: Trustworthy Information Processing
    • RA2: Reliable Security Guarantees
    • RA3: Threat Detection and Defenses
    • RA4: Secure Mobile and Autonomous Systems
    • RA5: Empirical and Behavioural Security
  • Abstract: Abstract of your talk.

Refer to previous announcements for examples.

Please submit this information at least one week in advance (until 23:59 on the Wednesday before your talk). Upload your information as a submission to CMS (see Personal Status), preferably as a plain text file (.txt). You can find a template in the materials section.

Contact the organizers

If there are any questions left, please use the mail address bamaseminar@cispa.saarland to contact the organizers.
